Xen Dom0, are we making progress?

Andras Gót andrej at antiszoc.hu
Mon Mar 12 21:12:30 UTC 2007


Nikolas Britton wrote:
> On 3/12/07, Ronald Klop <ronald-freebsd8 at klop.yi.org> wrote:
>> On Mon, 12 Mar 2007 20:16:32 +0100, Nikolas Britton
>> <nikolas.britton at gmail.com> wrote:
>>
>> > Is FreeBSD making any progress in Xen Dom0 / Intel VT support? I'd
>> > really like to consolidate some underutilized FreeBSD servers. Are
>> > there any alternative solutions that will enable me to do this kind of
>> > stuff with FreeBSD, or would it be better to go with Solaris Dom0 +
>> > FreeBSD DomU?
>>
>> http://docs.freebsd.org/44doc/papers/jail/jail.html
>> google: jail freebsd
>>
>
> Yes I'd like to know more about jails, is there a high level /
> executive summary type document that I can read somewhere? From what I
> remember jails are mostly designed to partition stuff... for security
> reasons.
>
> What I'd really love to do is split up each service (httpd, postgres,
> samba/nfs,  ldap/nis, asterisk, etc.) into discrete virtual machines.
> It's too much work trying to make them all play nice on one system,
> especially during upgrades. As it is right now I don't upgrade any
> services once a system is in production use.

Hi,

First, read man jail. :) Apache, bind, mysql and postfix run fine in
a jail. For postgres you have to turn on the jail.ipc.
This is basically not so bad, but definitely reduces security. For
samba/nfs/ldap/nis and asterisk I don't have the experience, but if they
do not need ipc, they'll run fine out of the box. In jails I suggest that
you mount your ports tree with some nullfs mount. With this you'll save
some hd capacity. (The installed port list is in /var, not in
/usr/ports.) In jails you can't do resource control, so keep that in mind.

Regards,
Andras
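
Added example, not part of the original message: shell helpers for the two jail settings the reply mentions, a read-only nullfs mount of the ports tree and a check of the System V IPC knob. Assumptions: the jail roots (/jails/www and similar) and the sample sysctl output are constructed, and "jail.ipc" is taken to mean the sysctl security.jail.sysvipc_allowed.

```sh
#!/bin/sh
# Added example. Assumptions: jail roots live under /jails/<name>
# (constructed), and the "jail.ipc" setting in the message is the sysctl
# security.jail.sysvipc_allowed.

# Print an fstab(5) line that nullfs-mounts the host ports tree into one
# jail. Mounting it read-only keeps root inside the jail from modifying the
# tree that the host and the other jails share.
ports_fstab_line() {
    root=$1
    tab=$(printf '\t')
    case $root in
        /) echo "refusing host root as jail root" >&2; return 1 ;;
        *" "*|*"$tab"*) echo "whitespace in path: $root" >&2; return 1 ;;
        /*) ;;                                   # absolute path: accepted
        *) echo "not an absolute path: $root" >&2; return 1 ;;
    esac
    root=${root%/}                               # drop one trailing slash
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        /usr/ports "$root/usr/ports" nullfs ro 0 0
}

# Read `sysctl security.jail` output on stdin and report whether System V IPC
# is allowed inside jails: prints "allowed", "denied" or "unknown".
sysvipc_state() {
    state=unknown
    while IFS= read -r line; do
        case $line in
            "security.jail.sysvipc_allowed: 1") state=allowed ;;
            "security.jail.sysvipc_allowed: 0") state=denied ;;
        esac
    done
    echo "$state"
}

# Constructed sample of `sysctl security.jail` output.
SAMPLE_SYSCTL='security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 1'

# Stand-alone use: print one fstab line per jail root given as an argument.
for j in "$@"; do ports_fstab_line "$j"; done
```

On a FreeBSD host the check would be fed with `sysctl security.jail | sysvipc_state`; the fstab lines go into the host's /etc/fstab, since the mount is made from outside the jail.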



